Implement critical security fixes from code review

Dockerfile

@@ -1,7 +1,12 @@
 # Use the official ASP.NET Core runtime image (optimized)
 FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
+
+# Define non-root user UID/GID (security best practice)
+ARG APP_UID=1001
+ARG APP_GID=1001
+
 WORKDIR /app
-EXPOSE 5000
+EXPOSE 8080
 
 # Install curl for health checks
 RUN apt-get update && \
@@ -54,31 +59,33 @@ WORKDIR /app
 # Switch to root to create directories and set permissions
 USER root
 
-# Create directories with proper ownership
-RUN mkdir -p /app/wwwroot/uploads/products \
+# Create non-root user and directories with proper ownership
+RUN groupadd -g ${APP_GID} appuser \
+    && useradd -u ${APP_UID} -g ${APP_GID} -m appuser \
+    && mkdir -p /app/wwwroot/uploads/products \
     && mkdir -p /app/data \
     && mkdir -p /app/logs \
-    && chown -R $APP_UID:$APP_UID /app \
+    && chown -R ${APP_UID}:${APP_GID} /app \
     && chmod -R 755 /app/wwwroot/uploads \
     && chmod -R 755 /app/data \
     && chmod -R 755 /app/logs
 
 # Copy published app
-COPY --from=publish --chown=$APP_UID:$APP_UID /app/publish .
+COPY --from=publish --chown=${APP_UID}:${APP_GID} /app/publish .
 
 # Switch back to non-root user
-USER $APP_UID
+USER ${APP_UID}
 
 # Health check
 HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
-    CMD curl -f http://localhost:5000/api/catalog/products || exit 1
+    CMD curl -f http://localhost:8080/health || exit 1
 
 # Optimize runtime
 ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=0 \
     DOTNET_RUNNING_IN_CONTAINER=true \
     DOTNET_USE_POLLING_FILE_WATCHER=true \
     ASPNETCORE_FORWARDEDHEADERS_ENABLED=true \
-    ASPNETCORE_URLS=http://+:5000 \
+    ASPNETCORE_URLS=http://+:8080 \
     ASPNETCORE_ENVIRONMENT=Production
 
 ENTRYPOINT ["dotnet", "LittleShop.dll"]